4G/LTE mobile networks are used by billions of subscribers worldwide, increasingly to connect the Internet of Things. This evolution needs context-aware security in the network to prevent financial and operational risks for service providers and enterprise customers using private 4G networks. Malware that infects User Equipment (UE), including smart phones, tablets, laptops connected via a dongle, and cellular IoT devices, could prevent the UE from accessing the mobile network and could be part of a botnet launching an attack against the mobile network infrastructure.

The impact of such malware to the customer includes battery exhaustion damage to the device, degraded service, excessive billing, and more. The impact to the service provider can include customer churn, help desk calls, billing issues, excessive use of network resources by compromised subscribers and devices, and more. Detection of these threats in 4G/LTE mobile networks requires identification of compromised subscribers; prevention requires the ability to apply network security based on subscriber ID, which is an International Mobile Subscriber Identity (IMSI).

You can use GTP security to investigate a security event related to a subscriber or user in a 4G network based on the IMSI. You can look at the traffic, threat, URL filtering and WildFire

®

logs and reports.

You can apply network security based on the subscriber identity of a user who is trying to access your 4G network.

The following graphic illustrates two 4G deployment options. In the first option, the firewall is on the S11 and S1-U interfaces. S11 is the interface between the MME and SGW; S1-U is the interface between the eNodeB and SGW in the 4G/LTE network. In the second option, the firewall is on the S5/S8 interfaces, which are between the SGW and PGW in the 4G/LTE network.

You can apply the following per equipment ID: application control, Antivirus, Anti-Spyware, URL filtering, intrusion prevention, and advanced threat prevention with WildFire based on an IMSI or a group of IMSIs.

Security policy rules allow you to specify external dynamic lists (EDLs) that can specify IMSIs so that you can dynamically add IMSIs to the rule.

When deciding which firewall model to purchase, consider the total number of 3G, 4G, and 5G network identifiers (Subscriber IDs and Equipment IDs) you need to include as EDL entries or static entries. The table in 5G Equipment ID and Subscriber ID Security provides capacities of EDL entries and static entries for each firewall model.